class RuboCop::Cop::GitlabSecurity::RedirectToParamsUpdate

Checks for use of redirect_to(params.update()).

Passing user-supplied params to the redirect_to method creates an open redirect, because the request can then influence where the response redirects.

@example

# bad
redirect_to(params.update(action:'main'))

# good
redirect_to(whitelist(params))
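Why the flagged call is an open redirect, as an added example that is not part of the cop's documentation or source. `build_redirect_url` is a simplified stand-in for hash-based URL generation, and `whitelist`, `ALLOWED_KEYS`, `DEFAULT_HOST` and the sample parameters are hypothetical.

```ruby
require 'uri'

# Simplified stand-in (assumption) for hash-based URL generation: option keys
# such as :host and :protocol decide where the redirect points.
DEFAULT_HOST = 'app.example.test' # constructed value

def build_redirect_url(options)
  opts = options.transform_keys(&:to_sym)
  protocol = opts.fetch(:protocol, 'https')
  host = opts.fetch(:host, DEFAULT_HOST)
  path = "/#{opts.fetch(:controller, 'home')}/#{opts.fetch(:action, 'index')}"
  query = opts.reject { |k, _| %i[protocol host controller action].include?(k) }
  url = "#{protocol}://#{host}#{path}"
  query.empty? ? url : "#{url}?#{URI.encode_www_form(query)}"
end

# Hypothetical allow-list helper in the spirit of `whitelist(params)`:
# only keys named here survive; routing keys such as :host are dropped.
ALLOWED_KEYS = %i[controller page].freeze

def whitelist(params)
  params.transform_keys(&:to_sym).slice(*ALLOWED_KEYS)
end

# Constructed request parameters, as a plain Hash with a user-supplied host.
def sample_params
  { 'controller' => 'projects', 'page' => '2', 'host' => 'other.example.test' }
end

# Flagged pattern: update only sets :action; the user-supplied host remains.
def flagged_url
  build_redirect_url(sample_params.transform_keys(&:to_sym).update(action: 'main'))
end

# Allow-listed pattern: the destination host stays the application's own.
def allowlisted_url
  build_redirect_url(whitelist(sample_params).update(action: 'main'))
end

puts flagged_url
puts allowlisted_url
```
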

Constants

MSG

Public Instance Methods

on_send(node)
# File lib/rubocop/cop/gitlab-security/redirect_to_params_update.rb, line 23
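def on_send(node)
  # Ignore send nodes that the redirect_to_params_update_node matcher does not match.
  return unless redirect_to_params_update_node(node)

  # Report the offense at the method selector of the matched call.
  add_offense(node, location: :selector)
end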